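"""
View tests for the accounts application.

"""
import datetime
import re

from django.test import TestCase
from django.core.urlresolvers import reverse
from django.core import mail
from django.contrib.auth.models import User
from django.contrib.auth.hashers import check_password

from accounts.models import PendingUser
from accounts.models import IllegalUsername
from accounts.models import IllegalEmail


class RegistrationTest(TestCase):
    """Exercise the registration view: every rejection path and the success path."""

    def setUp(self):
        """Create the conflicting users, the ban-list entries and a valid form payload."""
        u = User.objects.create_user('existing_user', 'existing_user@example.com', 'pw')
        u.save()

        # a 2nd user has the same email as another
        u = User.objects.create_user('existing_user2', 'existing_user@example.com', 'pw')
        u.save()

        PendingUser.objects.create(username='pending_user',
                                   email='pending_user@example.com',
                                   password='pw',
                                   date_joined=datetime.datetime.now(),
                                   key='key')

        IllegalUsername.objects.create(username='illegalusername')
        IllegalEmail.objects.create(email='illegal@example.com')

        # A complete submission that test_success expects to be accepted.
        # Each rejection test changes exactly one field of it, so a failure
        # can be attributed to that field alone.
        self.post_vals = {
            'username': 'a_new_user',
            'email': 'test@example.com',
            'password1': 'my_password',
            'password2': 'my_password',
            'agree_age': 'on',
            'agree_tos': 'on',
            'agree_privacy': 'on',
            'question1': '101',
            'question2': '',
            'question3': '',
            'question4': u'2',
            'question5': u'328',
            'question6': u'4',
            'question7': [u'2', u'4', u'5', u'7'],
        }

        # Baseline used to prove that a rejected submission stored nothing.
        self.pending_count = PendingUser.objects.count()

    def _post(self):
        """POST the current ``self.post_vals`` to the registration view."""
        return self.client.post(reverse('accounts-register'), self.post_vals)

    def _assert_rejected(self, response, text=None):
        """Check that a submission was refused and left no pending account.

        A status of 200 alone only shows the form was rendered again; the
        PendingUser count confirms that the anti-spam and validation checks
        actually stopped the registration. ``text`` is the error message
        expected in the page, when the view displays one.
        """
        self.assertEqual(response.status_code, 200)
        if text is not None:
            self.assertContains(response, text)
        self.assertEqual(PendingUser.objects.count(), self.pending_count)

    def test_get_view(self):
        """
        Test a simple get of the registration view

        """
        response = self.client.get(reverse('accounts-register'))
        self.assertEqual(response.status_code, 200)

    def test_existing_user(self):
        """
        Ensure we can't register with an existing username.

        """
        # Uses the shared payload like the other tests, so the username is
        # the only invalid field in the submission.
        self.post_vals['username'] = 'existing_user'
        self._assert_rejected(self._post(),
                              'A user with that username already exists')

    def test_pending_user(self):
        """
        Ensure we can't register with a pending username.

        """
        self.post_vals['username'] = 'pending_user'
        self._assert_rejected(self._post(),
                              'A pending user with that username already exists')

    def test_illegal_username(self):
        """
        Ensure we can't register with a banned username.

        """
        self.post_vals['username'] = 'illegalusername'
        self._assert_rejected(self._post(), 'That username is not allowed')

    def test_duplicate_existing_email(self):
        """
        Ensure we can't register with an email address an existing user has.

        """
        self.post_vals['email'] = 'existing_user@example.com'
        self._assert_rejected(self._post(),
                              'A user with that email address already exists')

    def test_duplicate_pending_email(self):
        """
        Ensure we can't register with an email address a pending user has.

        """
        self.post_vals['email'] = 'pending_user@example.com'
        self._assert_rejected(
            self._post(),
            'A pending user with that email address already exists')

    def test_illegal_email(self):
        """
        Ensure we can't register with a banned email address.

        """
        self.post_vals['email'] = 'illegal@example.com'
        self._assert_rejected(self._post(), 'That email address is not allowed')

    def test_password_match(self):
        """
        Ensure the passwords match.

        """
        self.post_vals['password2'] = "doesn't match"
        self._assert_rejected(self._post(),
                              "The two password fields didn't match")

    def test_question1(self):
        """
        Ensure our anti-spam question is answered.

        """
        self.post_vals['question1'] = 'huh'
        self._assert_rejected(self._post(),
                              "Incorrect answer to our anti-spam question")

    def test_question2(self):
        """
        Ensure our honeypot question check works.

        """
        # The honeypot must stay blank; any value marks the client as a bot.
        self.post_vals['question2'] = 'non blank'
        self._assert_rejected(self._post())

    def test_question3(self):
        """
        Ensure our non-hidden honeypot question check works.

        """
        self.post_vals['question3'] = 'non blank'
        self._assert_rejected(self._post())

    def test_question4(self):
        """
        Ensure our security question 4 works

        """
        for wrong_answer in (u'1', u'4', u'8'):
            self.post_vals['question4'] = wrong_answer
            self._assert_rejected(self._post())

    def test_question5(self):
        """
        Ensure our security question 5 works

        """
        for wrong_answer in (u'1', u'X', u'2983'):
            self.post_vals['question5'] = wrong_answer
            self._assert_rejected(self._post())

    def test_question6(self):
        """
        Ensure our security question 6 works

        """
        for wrong_answer in (u'1', u'2', u'8'):
            self.post_vals['question6'] = wrong_answer
            self._assert_rejected(self._post())

    def test_question7(self):
        """Test security question 7"""
        # Empty, too few, one extra and a wrong subset of the choices.
        wrong_selections = (
            [],
            [u'1'],
            [u'6', u'2', u'4', u'5', u'7'],
            [u'4', u'3', u'7'],
        )
        for selection in wrong_selections:
            self.post_vals['question7'] = selection
            self._assert_rejected(self._post())

    def test_success(self):
        """
        Ensure we can successfully register.

        """
        response = self._post()
        self.assertEqual(response.status_code, 302)

        try:
            pending = PendingUser.objects.get(username='a_new_user')
        except PendingUser.DoesNotExist:
            self.fail("PendingUser was not created")

        self.assertEqual(pending.email, 'test@example.com')
        self.assertTrue(datetime.datetime.now() - pending.date_joined <
                        datetime.timedelta(minutes=1))
        # The stored value has to verify through Django's password hashers.
        self.assertTrue(check_password('my_password', pending.password))


class ForgotUsernameTest(TestCase):
    """Exercise the forgotten-username query and confirmation views."""

    def setUp(self):
        """Create the one account whose address the tests query."""
        u = User.objects.create_user('existing_user', 'existing_user@example.com', 'pw')
        u.save()

    def test_get_query_view(self):
        """Test a simple get of the username query view"""
        response = self.client.get(reverse('accounts-username_query'))
        self.assertEqual(response.status_code, 200)

    def test_get_username_sent_view(self):
        """Test a simple get of the username sent view"""
        response = self.client.get(reverse('accounts-username_sent'))
        self.assertEqual(response.status_code, 200)

    def test_invalid_email(self):
        """Test form submittal of unknown email address."""
        response = self.client.post(reverse('accounts-username_query'), {
            'email': 'bad_address@example.com',
            },
            follow=True)

        # Same redirect as for a known address (see test_valid_email), so the
        # response does not disclose whether an address is registered.
        self.assertRedirects(response, reverse('accounts-username_sent'))

        self.assertEqual(len(mail.outbox), 0)

    def test_valid_email(self):
        """Test form submittal of valid email address."""
        response = self.client.post(reverse('accounts-username_query'), {
            'email': 'existing_user@example.com',
            },
            follow=True)

        self.assertRedirects(response, reverse('accounts-username_sent'))

        # assertEqual stops the test on failure, so outbox[0] is safe below.
        self.assertEqual(len(mail.outbox), 1)
        self.assertTrue(mail.outbox[0].subject.startswith('Forgotten username'))


class ForgotEmailTest(TestCase):
    """Because we use a custom URL it's important to test this. This got broken
    in Django 1.6 when the URL pattern changed.

    """

    def setUp(self):
        """Create the account whose password gets reset."""
        u = User.objects.create_user('user1', 'user1@example.com', 'pw')
        u.save()

    def test_nominal_case(self):
        """Test a full forgot password scenario."""

        # GET password reset page
        response = self.client.get(reverse('accounts-password_reset'))
        self.assertEqual(response.status_code, 200)

        # POST email address
        args = {'email': 'user1@example.com'}
        response = self.client.post(reverse('accounts-password_reset'), args,
                                    follow=True)
        self.assertRedirects(response, reverse('accounts-password_reset_sent'))

        # Ensure the email was sent, and only to the account's own address
        self.assertEqual(len(mail.outbox), 1)
        msg = mail.outbox[0]
        self.assertTrue(msg.subject.startswith('Password reset'))
        self.assertEqual(list(msg.to), ['user1@example.com'])

        # Pull the reset link out of the message. The group names are the
        # ones read back through m.group() below.
        msg_text = msg.message().as_string()
        m = re.search(r'http://example.com/accounts/password/reset/confirm/'
                      r'(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9a-z]+-\w+)/',
                      msg_text)
        self.assertTrue(m is not None, "no password reset link in the email")
        uidb64, token = m.group('uidb64'), m.group('token')

        # visit the password reset page
        confirm_url = reverse('accounts-password_reset_confirm',
                              kwargs={'uidb64': uidb64, 'token': token})
        response = self.client.get(confirm_url)
        self.assertEqual(response.status_code, 200)

        # POST new password
        args = {'new_password1': 'pw2', 'new_password2': 'pw2'}
        response = self.client.post(confirm_url, args, follow=True)
        self.assertRedirects(response,
                             reverse('accounts-password_reset_success'))
        self.assertEqual(response.status_code, 200)

        # Check new password
        # NOTE(review): a second use of the same reset link after the change
        # is not exercised by this test.
        u = User.objects.get(username='user1')
        self.assertTrue(check_password('pw2', u.password))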